Head of the watchdog, Elizabeth Denham, says ICO will be expected to do “more of everything” as strict new data compliance law comes down the track
Information commissioner Elizabeth Denham. Credit: DCMS
The Treasury will loosen its purse strings and allow the body which upholds information rights in the UK to pay its staff more in a bid to ensure it has the right people to deal with the extra challenges of tough new EU legislation.
The General Data Protection Regulation (GDPR) is designed to give EU citizens more control over the way their personal information is used, replacing law that was drafted before the widespread adoption of the internet. It will come into force in all EU member states from May 25, and is expected to have major compliance impacts on public authorities across the UK.
In a wide-ranging speech at an event held last week by the Association of Chief Executives and the Public Chairs’ Forum, Elizabeth Denham, UK information commissioner at the ICO, set out the watchdog’s efforts to boost its firepower as it prepares for the “huge challenge” of GDPR, and revealed that it had secured greater pay freedom from a Treasury that has kept a tight grip on public sector pay in recent years.
Related Content
- ICO planning ‘three-tier system’ of data-processing fees as post-GDPR funding model
- GDPR deadline: One third of public sector decision makers not confident they’ll be ready
- ICO: Councils need to sharpen up on data protection ahead of GDPR
“The UK is a leader in data protection,” she told the audience. “It’s one of the things that attracted me to this job – and the government has made clear its intention that we retain our world-class status as well as making the UK the safest place to be online. That’s a huge challenge for my office. But we have to deliver.
“I am strengthening my team in number and expertise and we’re moving the ICO to a place where we can deliver our new responsibilities and obligations to organisations and, importantly, the public.
“Earlier this month Treasury has provided the ICO pay flexibility for the next three years – this is critically important to be able to retain our expert staff and attract new technologists, lawyers and auditors.”
Under policy introduced by former chancellor George Osborne, public sector bodies have, since 2010, faced tight restrictions on what they can pay their staff, including a two-year freeze and subsequent pay rise cap of 1% which remained in force until last year.
Those restrictions have been keenly felt in digital, data and technology roles, where market rates are often significantly higher than those able to be offered by the public sector. Although Denham did not reveal further details of the deal with the Treasury, previous such deals in Whitehall have involved promises to improve productivity.
Denham made clear that her organisation was expecting major new responsibilities from the Data Protection Bill, which gives force to GDPR in the UK, and she told the conference that the ICO was “expecting more of everything” because of the change in the law.
The legislation would, she said, mean “more breach reports because the law requires it in high risk cases, more complaints, because people will be better informed of their rights, [and] greater engagement as organisations turn to us for advice at the outset”.
Denham also used her speech to reveal that the ICO would shortly be publishing what she called a “road map… to help organisations navigate the Data Protection Bill”, but she warned public sector chiefs against “complacency” in assuming their data protection policies are already up to scratch before May’s GDPR deadline.
“The tone has to come from the top,” she warned. “This is about commitment over compliance. It is up to you and your boards and your leadership teams to foster a culture of transparency and accountability as to how you use personal data.
“Equip your staff with the training and tools they need to get data protection right. Demonstrate to them that data protection is not a box-ticking exercise but a commitment to people that you will handle their personal data with care and respect.”